======================================================
WARNING: possible circular locking dependency detected
4.14.284-syzkaller #0 Not tainted
------------------------------------------------------
kworker/0:3/8593 is trying to acquire lock:
 (&sb->s_type->i_mutex_key#23){+.+.}, at: [] inode_lock include/linux/fs.h:719 [inline]
 (&sb->s_type->i_mutex_key#23){+.+.}, at: [] __generic_file_fsync+0x9e/0x190 fs/libfs.c:989

but task is already holding lock:
 ((&dio->complete_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092

which lock already depends on the new lock.

the existing dependency chain (in reverse order) is:

-> #2 ((&dio->complete_work)){+.+.}:
       process_one_work+0x736/0x14a0 kernel/workqueue.c:2093
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

-> #1 ("dio/%s"sb->s_id){+.+.}:
       flush_workqueue+0xfa/0x1310 kernel/workqueue.c:2625
       drain_workqueue+0x177/0x3e0 kernel/workqueue.c:2790
       destroy_workqueue+0x71/0x710 kernel/workqueue.c:4116
       __alloc_workqueue_key+0xd50/0x1080 kernel/workqueue.c:4093
       sb_init_dio_done_wq+0x34/0x80 fs/direct-io.c:624
       do_blockdev_direct_IO fs/direct-io.c:1287 [inline]
       __blockdev_direct_IO+0x3df1/0xdcb0 fs/direct-io.c:1423
       blockdev_direct_IO include/linux/fs.h:2994 [inline]
       fat_direct_IO+0x19b/0x320 fs/fat/inode.c:275
       generic_file_direct_write+0x1df/0x420 mm/filemap.c:2958
       __generic_file_write_iter+0x2a2/0x590 mm/filemap.c:3137
       generic_file_write_iter+0x36f/0x650 mm/filemap.c:3208
       call_write_iter include/linux/fs.h:1780 [inline]
       aio_write+0x2ed/0x560 fs/aio.c:1553
       io_submit_one fs/aio.c:1641 [inline]
       do_io_submit+0x847/0x1570 fs/aio.c:1709
       do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
       entry_SYSCALL_64_after_hwframe+0x46/0xbb

-> #0 (&sb->s_type->i_mutex_key#23){+.+.}:
       lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
       down_write+0x34/0x90 kernel/locking/rwsem.c:54
       inode_lock include/linux/fs.h:719 [inline]
       __generic_file_fsync+0x9e/0x190 fs/libfs.c:989
       fat_file_fsync+0x73/0x1f0 fs/fat/file.c:165
       vfs_fsync_range+0x103/0x260 fs/sync.c:196
       generic_write_sync include/linux/fs.h:2684 [inline]
       dio_complete+0x561/0x8d0 fs/direct-io.c:330
       process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
       worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
       kthread+0x30d/0x420 kernel/kthread.c:232
       ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404

other info that might help us debug this:

Chain exists of:
  &sb->s_type->i_mutex_key#23 --> "dio/%s"sb->s_id --> (&dio->complete_work)

 Possible unsafe locking scenario:

       CPU0                    CPU1
       ----                    ----
  lock((&dio->complete_work));
                               lock("dio/%s"sb->s_id);
                               lock((&dio->complete_work));
  lock(&sb->s_type->i_mutex_key#23);

 *** DEADLOCK ***

2 locks held by kworker/0:3/8593:
 #0:  ("dio/%s"sb->s_id){+.+.}, at: [] process_one_work+0x6b0/0x14a0 kernel/workqueue.c:2088
 #1:  ((&dio->complete_work)){+.+.}, at: [] process_one_work+0x6e6/0x14a0 kernel/workqueue.c:2092

stack backtrace:
CPU: 0 PID: 8593 Comm: kworker/0:3 Not tainted 4.14.284-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Workqueue: dio/loop3 dio_aio_complete_work
Call Trace:
 __dump_stack lib/dump_stack.c:17 [inline]
 dump_stack+0x1b2/0x281 lib/dump_stack.c:58
 print_circular_bug.constprop.0.cold+0x2d7/0x41e kernel/locking/lockdep.c:1258
 check_prev_add kernel/locking/lockdep.c:1905 [inline]
 check_prevs_add kernel/locking/lockdep.c:2022 [inline]
 validate_chain kernel/locking/lockdep.c:2464 [inline]
 __lock_acquire+0x2e0e/0x3f20 kernel/locking/lockdep.c:3491
 lock_acquire+0x170/0x3f0 kernel/locking/lockdep.c:3998
 down_write+0x34/0x90 kernel/locking/rwsem.c:54
 inode_lock include/linux/fs.h:719 [inline]
 __generic_file_fsync+0x9e/0x190 fs/libfs.c:989
 fat_file_fsync+0x73/0x1f0 fs/fat/file.c:165
 vfs_fsync_range+0x103/0x260 fs/sync.c:196
 generic_write_sync include/linux/fs.h:2684 [inline]
 dio_complete+0x561/0x8d0 fs/direct-io.c:330
 process_one_work+0x793/0x14a0 kernel/workqueue.c:2117
 worker_thread+0x5cc/0xff0 kernel/workqueue.c:2251
 kthread+0x30d/0x420 kernel/kthread.c:232
 ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:404
REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[1 2 0(1) DIR], item_len 35, item_location 4029, free_space(entry_count) 2
REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 8211. Fsck?
REISERFS (device loop4): Remounting filesystem read-only
REISERFS error (device loop4): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD]
REISERFS warning (device loop4): reiserfs_fill_super: corrupt root inode, run fsck
MINIX-fs: mounting unchecked file system, running fsck is recommended
MINIX-fs: mounting unchecked file system, running fsck is recommended
unregister_netdevice: waiting for ip6gre0 to become free. Usage count = -1
kauditd_printk_skb: 6 callbacks suppressed
audit: type=1804 audit(1655385317.641:52): pid=12525 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir2597540839/syzkaller.xRDh45/101/file0/bus" dev="loop4" ino=15 res=1
MINIX-fs: mounting unchecked file system, running fsck is recommended
MINIX-fs: mounting unchecked file system, running fsck is recommended
audit: type=1804 audit(1655385318.621:53): pid=12583 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir3896268556/syzkaller.E5MVtS/104/file0/bus" dev="loop5" ino=16 res=1
audit: type=1804 audit(1655385318.621:54): pid=12579 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir2231623804/syzkaller.Hs541I/98/bus" dev="sda1" ino=14375 res=1
audit: type=1804 audit(1655385318.711:55): pid=12586 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir2597540839/syzkaller.xRDh45/102/file0/bus" dev="loop4" ino=17 res=1
audit: type=1804 audit(1655385318.771:56): pid=12590 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir1558051131/syzkaller.8HUNN0/100/file0/bus" dev="loop3" ino=18 res=1
audit: type=1804 audit(1655385320.251:57): pid=12646 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.5" name="/root/syzkaller-testdir3896268556/syzkaller.E5MVtS/105/file0/bus" dev="loop5" ino=20 res=1
audit: type=1804 audit(1655385320.281:58): pid=12644 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir2231623804/syzkaller.Hs541I/99/bus" dev="sda1" ino=14379 res=1
audit: type=1804 audit(1655385320.291:59): pid=12643 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir2597540839/syzkaller.xRDh45/103/file0/bus" dev="loop4" ino=19 res=1
audit: type=1804 audit(1655385320.291:60): pid=12645 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir1558051131/syzkaller.8HUNN0/101/file0/bus" dev="loop3" ino=21 res=1
audit: type=1804 audit(1655385321.721:61): pid=12700 uid=0 auid=4294967295 ses=4294967295 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir2597540839/syzkaller.xRDh45/104/file0/bus" dev="loop4" ino=22 res=1
MTD: Attempt to mount non-MTD device "/dev/loop3"
romfs: Mounting image 'rom 5f663c08' through the block layer
kauditd_printk_skb: 3 callbacks suppressed
audit: type=1800 audit(1655385322.941:65): pid=12761 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.3" name="file0" dev="loop3" ino=128 res=0
MTD: Attempt to mount non-MTD device "/dev/loop3"
romfs: Mounting image 'rom 5f663c08' through the block layer
MTD: Attempt to mount non-MTD device "/dev/loop4"
audit: type=1800 audit(1655385323.771:66): pid=12797 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.3" name="file0" dev="loop3" ino=128 res=0
romfs: Mounting image 'rom 5f663c08' through the block layer
MTD: Attempt to mount non-MTD device "/dev/loop3"
romfs: Mounting image 'rom 5f663c08' through the block layer
audit: type=1800 audit(1655385324.021:67): pid=12827 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.3" name="file0" dev="loop3" ino=128 res=0
MTD: Attempt to mount non-MTD device "/dev/loop3"
MTD: Attempt to mount non-MTD device "/dev/loop4"
romfs: Mounting image 'rom 5f663c08' through the block layer
romfs: Mounting image 'rom 5f663c08' through the block layer
audit: type=1800 audit(1655385324.691:68): pid=12849 uid=0 auid=4294967295 ses=4294967295 op="collect_data" cause="failed" comm="syz-executor.3" name="file0" dev="loop3" ino=128 res=0
MTD: Attempt to mount non-MTD device "/dev/loop4"
romfs: Mounting image 'rom 5f663c08' through the block layer
hpfs: Bad magic ... probably not HPFS
hpfs: Bad magic ... probably not HPFS
hpfs: Bad magic ... probably not HPFS
hpfs: Bad magic ... probably not HPFS
hpfs: Bad magic ... probably not HPFS
hpfs: Bad magic ... probably not HPFS